Comments (33)
user_pref("extensions.webservice.discoverURL", "http://0.0.0.0");
Explained...
@Gibbio OCSP connections are most needed.
By removing the URLs in about:config the browser has way less connections.
Also addons may start connections, as for adblockers retrieving blacklists, but others have hard-linked calls: an example is Ghostery that can't be used without these calls to its own servers.
Also Ubuntu has its own modifications, as the Ubuntu Firefox Modifications addon.
from user.js.
@Gibbio ive listed a bunch of ocsp servers including the ones shipped with firefox by default at #73
pretty sure 2 of the requests you got after disabling addons etc were ocsp requests (the google ip is very close to, and acts exactly like a google ocsp server i encountered). they are nothing to worry about
however, for firefox to be making ocsp requests in the first place, i think it means some ssl requests were made to some sites first. it can be all sorts of things. this user.js doesnt disable all background requests by default. also even if you disable your addons, they can still be checked for updates. maybe go through user.js and/or about:config and look for anything with urls or any enabled features which contact urls to investigate. worst case scenario its something user.js missed out but i doubt it since you're using an older version of firefox
from user.js.
See: https://github.com/Oros42/firefox_change_prefs
from user.js.
Hi.
Probably it is possible to disable these automatic connections.
Are you able to provide more information about these connections? For instance by observing the network traffic with tcpdump or Wireshark or some other tool. The connections going to port 80 should be clearly visible in the traffic capture and for the HTTPS connections (port 443), the DNS lookups would help. Also, an intercepting proxy tool, such as Burp can be put in between your browser and the internet to observe what's happening.
Currently, there are some automatic connections that are allowed on purpose. Namely browser.safebrowsing.malware.enabled and the plugins.update.notifyUser setting that opens the Mozilla plugin check page.
When I set the plugins.update.notifyUser to false, I can only see a connection to aus4.mozilla.org that is related to the H.264 plugin (should be disabled with media.gmp-gmpopenh264.enabled, I'll look into it).
I pushed a commit (6537587), that sets browser.aboutHomeSnippets.updateUrl to ""... if you can check if that helped at all?
from user.js.
Tested with new version, got 2 connections:
93.184.220.29
54.230.185.55
Here are the captures:
http://www.armtc.net/54.230.185.55.pcap
http://www.armtc.net/93.184.220.29.pcap
from user.js.
More captures here:
http://www.armtc.net/52.25.32.149.pcap
http://www.armtc.net/216.58.208.206.pcap
http://www.armtc.net/173.194.65.93.pcap
checked and all plugins/addons are disabled
from user.js.
Also forgot to mention about extensions.update.enabled (I probably need to document these in the README). I disabled the search engine update with c9f0ec4, as it really doesn't seem that relevant anyway.
Tested with new version, got 2 connections:
93.184.220.29
54.230.185.55
I checked the pcaps and:
- 93.184.220.29 seems to be an OCSP request (this is intended)
- 54.230.185.55 seems to be a request to self-repair.mozilla.org which seems to be yet another new Firefox feature (sigh!) called self-heal.
I wasn't able to find any setting related to that with a quick glance, but I'll keep looking, as it certainly sounds like something we want to disable. Thanks for reporting this!
from user.js.
Wait, no... It might be the Heartbeat thingie, as the default value of browser.selfsupport.url is https://self-repair.mozilla.org/%LOCALE%/repair, but that should've been taken care of with ca2c759. Hmm.
from user.js.
Can you replicate this behavior in your environment? Maybe it's just a Fedora OS customization...
I've just created a little bash script with a netstat:
while true ; do
    sleep 0.1
    netstat -nputw | grep firefox
done
Run the script and then run Firefox, wait a few seconds, then connections start.
If you need more help/tests I'll help you!
from user.js.
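Added example, not part of the original comment or the user.js project: the loop above prints the same sockets on every 0.1 s poll, so this collapses captured `netstat -nputw` output into unique remote endpoints per program. The sample rows are constructed; only the remote addresses come from this thread, and the function names are hypothetical.

```python
import re

# Fields of one `netstat -nputw` row: proto, Recv-Q, Send-Q, local address,
# foreign address, state (may be blank for UDP), PID/program name.
ROW_RE = re.compile(
    r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+\S+\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)/(\S+)"
)

def parse_row(line):
    """Parse one row; return None for headers, rows without a PID, or wildcard peers."""
    match = ROW_RE.match(line.strip())
    if not match:
        return None
    proto, foreign, state, pid, program = match.groups()
    host, _, port = foreign.rpartition(":")
    if not port.isdigit():  # e.g. "0.0.0.0:*" on an unconnected UDP socket
        return None
    return {"proto": proto, "host": host, "port": int(port),
            "state": state or "", "pid": int(pid), "program": program}

def unique_endpoints(netstat_text, program="firefox"):
    """Collapse repeated polls into [(host, port, polls_seen)] in first-seen order."""
    seen = {}
    for line in netstat_text.splitlines():
        row = parse_row(line)
        if row is None or not row["program"].startswith(program):
            continue
        key = (row["host"], row["port"])
        seen[key] = seen.get(key, 0) + 1
    return [(host, port, count) for (host, port), count in seen.items()]

# Constructed sample: three polls of the loop. Remote addresses are the ones
# reported in this thread; local addresses, ports and PIDs are made up.
SAMPLE = """\
udp        0      0 10.0.2.15:43210         10.0.2.3:53             ESTABLISHED 2101/firefox
tcp        0      1 10.0.2.15:40322         52.25.32.149:443        SYN_SENT    2101/firefox
tcp        0      0 10.0.2.15:40322         52.25.32.149:443        ESTABLISHED 2101/firefox
tcp        0      0 10.0.2.15:51780         216.58.208.206:443      ESTABLISHED 2101/firefox
tcp        0      0 10.0.2.15:22            10.0.2.2:50514          ESTABLISHED 873/sshd
tcp        0      0 10.0.2.15:40322         52.25.32.149:443        ESTABLISHED 2101/firefox
tcp        0      0 10.0.2.15:51780         216.58.208.206:443      ESTABLISHED 2101/firefox
tcp        0      0 10.0.2.15:36644         93.184.220.29:80        ESTABLISHED 2101/firefox
"""
```

Polling can miss connections that open and close between two polls, so an empty result does not prove the browser stayed silent.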
Can you replicate this behavior in your environment?
No. I'm not able to reproduce this, but I'll keep looking and I'm sure we'll figure it out. Can you double check the value of browser.selfsupport.url?
from user.js.
I've made this test:
fresh install of Xubuntu 15.04 i386 (virt-manager vm)
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install git
reboot
start firefox, disabled all the plugins/addons and changed default page to about:blank
git clone https://github.com/pyllyukko/user.js
cp user.js/user.js .mozilla/firefox/38hc8da2.default/
start firefox, check about:config for browser.selfsupport.url -> is empty
close firefox, start loop script with netstat as root then start firefox. After a few seconds I can see firefox querying DNS and then it connects to:
52.25.32.149:443
216.58.208.206:443
93.184.220.29:80
from user.js.
Will try to reproduce this on Iceweasel (Debian) in the coming days.
from user.js.
Thanks, @nodiscc. I'll keep trying to reproduce this also.
from user.js.
Looks like I've managed to implement few bugs with 6537587 and c9f0ec4 :( They should be fixed now with b213091.
@Gibbio, can you try again now?
from user.js.
Sorry for the late reply, I've tested today with the latest user.js version but I keep getting those connections. Seems that Firefox is getting worse every release :(
from user.js.
Sorry for the late reply, I've tested today with the latest user.js version but I keep getting those connections. Seems that Firefox is getting worse every release :(
We'll just have to keep trying then...
from user.js.
Any progress on finding out the culprit? Is PaleMoon better in this regard?
from user.js.
@CHEF-KOCH : Okay will experiment as time allows, thanks.
from user.js.
@Gibbio: Can you check if about:networking reveals anything?
from user.js.
close firefox, start loop script with netstat as root then start firefox. After a few seconds I can see firefox querying DNS and then it connects to:
52.25.32.149:443
216.58.208.206:443
93.184.220.29:80
second ip is google owned and it redirects to www.google.com
third is a digicert ocsp server
first no idea, but its not an ocsp server
from user.js.
why would it be nothing to worry about? its an amazon ec2 instance. anybody could own it
from user.js.
this user has all addons disabled and is concerned about automatic connections so it would be nice to find out what all of the connections are for. im sure they are harmless but doesnt mean they are wanted
from user.js.
i wasnt suggesting anyone make an ip whitelist, or any whitelist. it was just so that people could know whether or not ips belong to ocsp servers
from user.js.
i dont expect it to be a timeless list. and theres no talk of blocking or whitelisting! i just did it because i felt like it. people can do whatever they like with it. lol
from user.js.
which noscript project?
from user.js.
sure, do u want to talk somewhere else? we kinda hijacked this issue
from user.js.
I noticed from about:networking that my Firefox is still making connections to both tiles.services.mozilla.com and tiles-cloudfront.cdn.mozilla.net. We might need to configure browser.newtabpage.directory.source to deal the final blow to this tile nuisance.
from user.js.
yeah i have mine set to "" and i dont get those connections
from user.js.
yeah i have mine set to "" and i dont get those connections
Thought so. Any idea what's the difference with specifying "" and "data:application/json,{}" (from http://forums.mozillazine.org/viewtopic.php?f=7&t=2888321)?
from user.js.
nah no idea. i dont think there'd be any added benefit by doing the latter
from user.js.
Ping @Gibbio. Can you try again?
from user.js.
I think this can be closed. As pointed out above the methodology is flawed. A better approach would be:
- Set up a packet capture/analysis tool on a gateway machine
- Ensure all Firefox traffic is forwarded through that machine
- Ensure no other OS/application network traffic is present
- Import required certificate in the packet analysis tool, MitM all connections
- Post decrypted contents and metadata of intercepted traffic here.
This can be done in another issue.
from user.js.
This issue comes from some about:config entries:
user_pref("browser.safebrowsing.enabled", true);
user_pref("browser.safebrowsing.malware.enabled", true);
These features are set to false in my own hardened user.js as they need some connections to work, such as downloading a blacklist of hashes from both Mozilla and Google.
I also remove every single URL, as:
user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/
CNAME of blocklist.addons.mozilla.org is mozaws.net which has various possible IP calls:
https://ipinf.ru/sites-on-ip.php?domain=versioncheck.prod.mozaws.net
from user.js.
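The suggestion earlier in this thread to go through user.js looking for prefs that still carry URLs, and the comment above about removing every URL, can be checked mechanically. This is an added example, not code from the user.js project: it parses `user_pref` lines and reports which hosts string-valued prefs still point at. The sample input, the function names and the `LOCAL_ONLY` set are constructed assumptions, and boolean features such as Safe Browsing that fetch data on their own are outside what it detects.

```python
import re
from urllib.parse import urlsplit

# One user_pref("name", value); line. The value is a quoted string or a bare literal.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(".*?"|[^)]+?)\s*\)\s*;')

# Destinations that stay on the local machine (assumption: counted as "no remote contact").
LOCAL_ONLY = {"0.0.0.0", "127.0.0.1", "localhost", "::1"}

def classify(value):
    """Return (kind, host) for a pref value exactly as written in user.js."""
    if not (value.startswith('"') and value.endswith('"')):
        return ("non-string", None)          # booleans, integers
    text = value[1:-1]
    if text == "":
        return ("empty", None)
    parts = urlsplit(text)
    if parts.scheme in ("http", "https") and parts.hostname:
        kind = "local-only" if parts.hostname in LOCAL_ONLY else "remote"
        return (kind, parts.hostname)
    if parts.scheme == "data":
        return ("inline-data", None)
    return ("other-string", None)

def audit(user_js_text):
    """Map pref name -> (kind, host); a later line for the same pref overwrites an earlier one."""
    result = {}
    for line in user_js_text.splitlines():
        if line.lstrip().startswith("//"):   # commented-out pref
            continue
        match = PREF_RE.match(line)
        if match:
            result[match.group(1)] = classify(match.group(2))
    return result

def remote_hosts(user_js_text):
    """Hosts that string-valued prefs still point at."""
    return sorted({h for kind, h in audit(user_js_text).values() if kind == "remote"})

# Constructed sample built from pref names and values quoted in this thread.
SAMPLE = '''
user_pref("extensions.webservice.discoverURL", "http://0.0.0.0");
user_pref("browser.selfsupport.url", "https://self-repair.mozilla.org/%LOCALE%/repair");
user_pref("browser.aboutHomeSnippets.updateUrl", "");
user_pref("browser.newtabpage.directory.source", "data:application/json,{}");
user_pref("browser.safebrowsing.malware.enabled", true);
// user_pref("browser.selfsupport.url", "");
'''
```

Calling `remote_hosts()` on the text of a profile's user.js lists the hosts worth matching against a capture; for the constructed sample the only one is self-repair.mozilla.org.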